Abstract

Consider a network of $n$ processes, each of which has a $d$-dimensional vector of reals as its input. Each process can communicate directly with all the processes in the system; thus the communication network is a complete graph. All the communication channels are reliable and FIFO (first-in-first-out). The problem of Byzantine vector consensus (BVC) requires agreement on a $d$-dimensional vector that is in the convex hull of the $d$-dimensional input vectors at the non-faulty processes. We obtain the following results for Byzantine vector consensus in complete graphs while tolerating up to $f$ Byzantine failures:

• We prove that in a synchronous system, $n \ge \max(3f+1, (d+1)f+1)$ is necessary and sufficient for achieving Byzantine vector consensus.

• In an asynchronous system, it is known that exact consensus is impossible in presence of faulty processes. For an asynchronous system, we prove that $n \ge (d+2)f+1$ is necessary and sufficient to achieve approximate Byzantine vector consensus.

Our sufficiency proofs are constructive. We show sufficiency by providing explicit algorithms that solve exact BVC in synchronous systems, and approximate BVC in asynchronous systems.

We  also  obtain  tight  bounds  on  the  number  of  processes  for  achieving  BVC  using 
algorithms  that  are  restricted  to  a  simpler  communication  pattern. 
1 Introduction


This paper addresses Byzantine vector consensus (BVC), wherein the input at each process is a $d$-dimensional vector of reals, and each process is expected to decide on a decision vector that is in the convex hull of the input vectors at the non-faulty processes. The system consists of $n$ processes in $V = \{p_1, p_2, \dots, p_n\}$. We assume $n > 1$, since consensus is trivial for $n = 1$. At most $f$ processes may be Byzantine faulty, and may behave arbitrarily [12]. All processes can communicate with each other directly on reliable FIFO (first-in first-out) channels. Thus, the communication network is a complete graph. The input vector at each process may also be viewed as a point in the $d$-dimensional Euclidean space $\mathbb{R}^d$, where $d > 0$ is a finite integer. Due to this correspondence, we use the terms point and vector interchangeably. Similarly, we interchangeably refer to the $d$ elements of a vector as coordinates. We consider two versions of the Byzantine vector consensus (BVC) problem, Exact BVC and Approximate BVC.

Exact  BVC:  Exact  Byzantine  vector  consensus  must  satisfy  the  following  three  conditions. 

•  Agreement:  The  decision  (or  output)  vector  at  all  the  non-faulty  processes  must  be  identical. 

•  Validity:  The  decision  vector  at  each  non-faulty  process  must  be  in  the  convex  hull  of  the 
input  vectors  at  the  non-faulty  processes. 

•  Termination:  Each  non-faulty  process  must  terminate  after  a  finite  amount  of  time. 

The traditional consensus problem [13, 10] is obtained when $d = 1$; we refer to this as scalar consensus. $n \ge 3f+1$ is known to be necessary and sufficient for achieving Byzantine scalar consensus in complete graphs [12, 13]. We observe that simply performing scalar consensus on each dimension of the input vectors independently does not solve the vector consensus problem. In particular, even if the validity condition for scalar consensus is satisfied for each dimension of the vector separately, the above validity condition of vector consensus may not necessarily be satisfied. For instance, suppose that there are four processes, with one faulty process. Processes $p_1$, $p_2$ and $p_3$ are non-faulty, and have the following 3-dimensional input vectors, respectively: $x_1$ = [|, |, |], $x_2$ = [g> §j g], $x_3$ = [g, gj §]. Process $p_4$ is faulty. If we perform Byzantine scalar consensus on each dimension of the vector separately, then the processes may possibly agree on the decision vector [g, g, g], each element of which satisfies the scalar validity condition along each dimension separately; however, this decision vector does not satisfy the validity condition for BVC because it is not in the convex hull of input vectors of non-faulty processes. In this example, since every non-faulty process has a probability vector as its input vector, the BVC validity condition requires that the decision vector should also be a probability vector. In general, for many optimization problems [4], the set of feasible solutions is a convex set in Euclidean space. Assuming that every non-faulty process proposes a feasible solution, BVC guarantees that the vector decided is also a feasible solution. Using scalar consensus along each dimension is not sufficient to provide this guarantee.

Approximate BVC: In an asynchronous system, processes may take steps at arbitrary relative speeds, and there is no fixed upper bound on message delays. Fischer, Lynch and Paterson [9] proved that exact consensus is impossible in asynchronous systems in the presence of even a single crash failure. As a way to circumvent this impossibility result, Dolev et al. [5] introduced the notion of approximate consensus, and proved the correctness of an algorithm for approximate Byzantine scalar consensus in asynchronous systems when $n \ge 5f+1$. Subsequently, Abraham, Amit and Dolev [1] established that approximate Byzantine scalar consensus is possible in asynchronous systems if $n \ge 3f+1$. Other algorithms for approximate consensus have also been proposed (e.g., [3, 8]). We extend the notion of approximate consensus to vector consensus. Approximate BVC must satisfy the following conditions:

• $\varepsilon$-Agreement: For $1 \le l \le d$, the $l$-th elements of the decision vectors at any two non-faulty processes must be within $\varepsilon$ of each other, where $\varepsilon > 0$ is a pre-defined constant.

•  Validity:  The  decision  vector  at  each  non-faulty  process  must  be  in  the  convex  hull  of  the 
input  vectors  at  the  non-faulty  processes. 

•  Termination:  Each  non-faulty  process  must  terminate  after  a  finite  amount  of  time. 

The  main  contribution  of  this  paper  is  to  establish  the  following  bounds  for  complete  graphs. 

• In a synchronous system, $n \ge \max(3f+1, (d+1)f+1)$ is necessary and sufficient for Exact BVC in presence of up to $f$ Byzantine faulty processes. (Theorems 1 and 3).

• In an asynchronous system, $n \ge (d+2)f+1$ is necessary and sufficient for Approximate BVC in presence of up to $f$ Byzantine faulty processes. (Theorems 4 and 5).

Observe that the two bounds above are different when $d > 1$, unlike the case of $d = 1$ (i.e., scalar consensus). When $d = 1$, in a complete graph, $3f+1$ processes are sufficient for exact consensus in synchronous systems, as well as approximate consensus in asynchronous systems [1]. For $d > 1$, the lower bound for asynchronous systems is larger by $f$ compared to the bound for synchronous systems.

In  prior  literature,  the  term  vector  consensus  has  also  been  used  to  refer  to  another  form  of 
consensus,  wherein  the  input  at  each  process  is  a  scalar,  but  the  agreement  is  on  a  vector  containing 
these  scalars  [7,  16].  Thus,  our  results  are  for  a  different  notion  of  consensus. 

Simpler  (Restricted)  Algorithm  Structure 

In prior literature, iterative algorithms with very simple structure have been proposed to achieve approximate consensus, including asynchronous approximate Byzantine scalar consensus [5] in complete graphs, and synchronous as well as asynchronous approximate Byzantine consensus in incomplete graphs [18]. Section 4 extends these simple structures to vector consensus in complete graphs, and obtains the following tight bounds: (i) $n \ge (d+2)f+1$ for synchronous systems, and (ii) $n \ge (d+4)f+1$ for asynchronous systems. Observe that the bound for the simple iterative algorithms in asynchronous systems is larger by $2f$ when compared to the bound stated earlier: this is the cost of restricting the algorithm structure. This $2f$ gap is analogous to that between the sufficient condition of $n \ge 3f+1$ for asynchronous scalar consensus proved by Abraham, Amit and Dolev [1], and the sufficient condition of $n \ge 5f+1$ demonstrated by Dolev et al. [5] using a simpler algorithm.

Our  Notations 

Many notations introduced throughout the paper are also summarized in Appendix A. We use operator $|\cdot|$ to obtain the size of a multiset or a set. We use operator $\|\cdot\|$ to obtain the absolute value of a scalar.
2 Synchronous Systems


In this section, we derive necessary and sufficient conditions for exact BVC in a synchronous system with up to $f$ faulty processes. The discussion in the rest of this paper assumes that the network is a complete graph, even if this is not stated explicitly in all the results.

2.1  Necessary  Condition  for  Exact  BVC 

Theorem 1 $n \ge \max(3f+1, (d+1)f+1)$ is necessary for Exact BVC in a synchronous system.

Proof: From [12, 13], we know that, for $d = 1$ (i.e., scalar consensus), $n \ge 3f+1$ is a necessary condition for achieving exact Byzantine consensus in presence of up to $f$ faults. If we were to restrict the $d$-dimensional input vectors to have identical $d$ elements, then the problem of vector consensus reduces to scalar consensus. Therefore, $n \ge 3f+1$ is also a necessary condition for Exact BVC for arbitrary $d$. Now we prove that $n \ge (d+1)f+1$ is also a necessary condition.

First consider the case when $f = 1$, i.e., at most one process may be faulty. Since none of the non-faulty processes know which process, if any, is faulty, as elaborated in Appendix C, the decision vector must be in the convex hull of each multiset containing the input vectors of $n-1$ of the processes (there are $n$ such multisets).¹ Thus, this intersection must be non-empty, for all possible input vectors at the $n$ processes. (Appendix C provides further clarification.) We now show that the intersection may be empty when $n = d+1$; thus, $n = d+1$ is not sufficient for $f = 1$.

Suppose that $n = d+1$. Consider the following set of input vectors. The input vector of process $p_i$, where $1 \le i \le d$, is a vector whose $i$-th element is 1, and the remaining elements are 0. The input vector at process $p_{d+1}$ is the all-0 vector (i.e., the vector with all elements 0). Note that the $d$ input vectors at $p_1, \dots, p_d$ form the standard basis for the $d$-dimensional vector space. Also, none of the $d+1$ input vectors can be represented as a convex combination of the remaining $d$ input vectors. For $1 \le i \le d+1$, let $Q_i$ denote the convex hull of the inputs at the $n-1 = d$ processes in $V - \{p_i\}$. We now argue that $\bigcap_{i=1}^{d+1} Q_i$ is empty.

For $1 \le i \le d$, observe that for all the points in $Q_i$, the $i$-th coordinate is 0. Thus, any point that belongs to the intersection $\bigcap_{i=1}^{d} Q_i$ must have all its coordinates 0. That is, only the all-0 vector belongs to $\bigcap_{i=1}^{d} Q_i$. Now consider $Q_{d+1}$, which is the convex hull of the inputs at the first $d$ processes. Due to the choice of the inputs at the first $d$ processes, the origin (i.e., the all-0 vector) does not belong to $Q_{d+1}$. From the earlier observation on $\bigcap_{i=1}^{d} Q_i$, it then follows that $\bigcap_{i=1}^{d+1} Q_i = \emptyset$. Therefore, the Exact BVC problem for $f = 1$ cannot be solved with $n = d+1$. Thus, $n = d+1$ is not sufficient. It should be easy to see that $n < d+1$ is also not sufficient. Thus, $n \ge d+2$ is a necessary condition for $f = 1$.

Now consider the case of $f > 1$. Using the commonly used simulation approach [12], we can prove that $(d+1)f$ processes are not sufficient. In this approach, $f$ simulated processes are implemented by a single process. If a correct algorithm were to exist for tolerating $f$ faults among $(d+1)f$ processes, then we can obtain a correct algorithm to tolerate a single failure among $d+1$ processes, contradicting our result above. Thus, $n \ge (d+1)f+1$ is necessary for $f > 1$. (For $f = 0$, the necessary condition holds trivially.) □

¹ Since the state of two processes may be identical, we use a multiset to represent the collection of the states of a subset of processes. Appendix B elaborates on the notion of multisets.
2.2 Sufficient Condition for Exact BVC


We now present an algorithm for Exact BVC in a synchronous system, and prove its correctness in a complete graph with $n \ge \max(3f+1, (d+1)f+1)$. The algorithm uses function $\Gamma(Y)$ defined below, where $Y$ is a multiset of points. $\mathcal{H}(T)$ denotes the convex hull of a multiset $T$.

$$\Gamma(Y) = \bigcap_{T \subseteq Y,\ |T| = |Y| - f} \mathcal{H}(T) \tag{1}$$

The intersection above is over the convex hulls of all subsets of $Y$ of size $|Y| - f$.

Exact BVC algorithm for $n \ge \max(3f+1, (d+1)f+1)$:


1. Each process uses a scalar Byzantine broadcast algorithm (such as [12, 6]) to broadcast each element of its input vector to all the other processes (each element is a scalar). The Byzantine broadcast algorithm allows a designated sender to broadcast a scalar value to the other processes, while satisfying the following properties when $n \ge 3f+1$: (i) all the non-faulty processes decide on an identical scalar value, and (ii) if the sender is non-faulty, then the value decided by the non-faulty processes is the sender's proposed (scalar) value. Thus, non-faulty processes can agree on the $d$ elements of the input vector at each of the $n$ processes.

At the end of this step, each non-faulty process would have received an identical multiset $S$ containing $n$ vectors, such that the vector corresponding to each non-faulty process is identical to the input vector at that process.

2. Each process chooses as its decision vector a point in $\Gamma(S)$; all non-faulty processes choose the point identically using a deterministic function. We will soon show that $\Gamma(S)$ is non-empty.

We  now  prove  that  the  above  algorithm  is  correct.  Later,  we  show  how  the  decision  vector  can 
be  found  in  Step  2  using  linear  programming.  The  proof  of  correctness  of  the  above  algorithm  uses 
the  following  celebrated  theorem  by  Tverberg  [17]: 

Theorem 2 (Tverberg's Theorem [17]) For any integer $f \ge 1$, and for every multiset $Y$ containing at least $(d+1)f+1$ points in $\mathbb{R}^d$, there exists a partition $Y_1, \dots, Y_{f+1}$ of $Y$ into $f+1$ non-empty multisets such that $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \ne \emptyset$.

The points in multiset $Y$ above are not necessarily distinct [17]; thus, the same point may occur multiple times in $Y$. (Appendix B elaborates on the notion of multisets, and multiset partition.) The partition in Theorem 2 is called a Tverberg partition, and the points in $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l)$ in Theorem 2 are called Tverberg points. Appendix D provides an illustration of a Tverberg partition for points in 2-dimensional space.

The  lemma  below  is  used  to  prove  the  correctness  of  the  above  algorithm,  as  well  as  the  algorithm 
presented  later  in  Section  3. 

Lemma 1 For any multiset $Y$ containing at least $(d+1)f+1$ points in $\mathbb{R}^d$, $\Gamma(Y) \ne \emptyset$.

Proof: Consider a Tverberg partition of $Y$ into $f+1$ non-empty subsets $Y_1, \dots, Y_{f+1}$, such that the set of Tverberg points $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \ne \emptyset$. Since $|Y| \ge (d+1)f+1$, by Theorem 2, such a partition exists. By (1) we have

$$\Gamma(Y) = \bigcap_{T \subseteq Y,\ |T| = |Y| - f} \mathcal{H}(T). \tag{2}$$

Consider any $T$ in (2). Since $|T| = |Y| - f$ and there are $f+1$ subsets in the Tverberg partition of $Y$, $T$ excludes elements from at most $f$ of these subsets. Thus, $T$ contains at least one subset from the partition. Therefore, for each $T$, $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \subseteq \mathcal{H}(T)$. Hence, from (2), it follows that $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \subseteq \Gamma(Y)$. Also, because $\bigcap_{l=1}^{f+1} \mathcal{H}(Y_l) \ne \emptyset$, it now follows that $\Gamma(Y) \ne \emptyset$. □

We  can  now  prove  the  correctness  of  our  Exact  BVC  algorithm. 

Theorem 3 $n \ge \max(3f+1, (d+1)f+1)$ is sufficient for achieving Exact BVC in a synchronous system.

Proof: We prove that the above Exact BVC algorithm is correct when $n \ge \max(3f+1, (d+1)f+1)$. The termination condition holds because the Byzantine broadcast algorithm used in Step 1 terminates in finite time. Since $|S| = n \ge (d+1)f+1$, by Lemma 1, $\Gamma(S) \ne \emptyset$. By (1) we have

$$\Gamma(S) = \bigcap_{T \subseteq S,\ |T| = |S| - f} \mathcal{H}(T). \tag{3}$$

At least one of the multisets $T$ in (3), say $T^*$, must contain the inputs of only non-faulty processes, because $|T| = |S| - f = n - f$, and there are at most $f$ faulty processes. By definition of $\Gamma(S)$, $\Gamma(S) \subseteq \mathcal{H}(T^*)$. Then, from the definition of $T^*$, and the fact that the decision vector is chosen from $\Gamma(S)$, the validity condition follows.

Agreement condition holds because all the non-faulty processes have identical $S$, and pick as their decision vector a point in $\Gamma(S)$ using a deterministic function in Step 2. □

We now show how Step 2 of the Exact BVC algorithm can be implemented using linear programming. The input to the linear program is $S = \{s_i : 1 \le i \le n\}$, a multiset of $d$-dimensional vectors. Our goal is to find a vector $z \in \Gamma(S)$; or equivalently, find a vector $z$ that can be expressed as a convex combination of vectors in $T$ for all choices $T \subseteq S$ such that $|T| = n - f$. The linear program uses the following $d + \binom{n}{n-f}(n-f)$ variables.

• $z_1, \dots, z_d$: variables for the $d$ elements of vector $z$.

• $\alpha_{T,i}$: coefficients such that $z$ can be written as a convex combination of vectors in $T$. We include here only those $n - f$ indices $i$ for which $s_i \in T$.

For every $T$, the linear constraints are as follows.

• $z = \sum_{s_i \in T} \alpha_{T,i}\, s_i$ ($z$ is a linear combination of $s_i \in T$)

• $\sum_{s_i \in T} \alpha_{T,i} = 1$ (The sum of all coefficients for a particular $T$ is 1)

• $\alpha_{T,i} \ge 0$ for all $s_i \in T$.

For every $T$, we get $d + 1 + n - f$ linear constraints, yielding a total of $\binom{n}{n-f}(d + 1 + n - f)$ constraints in $d + \binom{n}{n-f}(n-f)$ variables. Hence, for any fixed $f$, a point in $\Gamma(S)$ can be found in polynomial time by solving a linear program with the number of variables and constraints that are polynomial in $n$ and $d$ (but not in $f$). However, when $f$ grows with $n$, the computational complexity is high.

We note here that the above Exact BVC algorithm remains correct if the non-faulty processes identically choose any point in $\Gamma(S)$ as the decision vector. In particular, as seen in the proof of Lemma 1, all the Tverberg points are contained in $\Gamma(S)$; therefore, one of the Tverberg points for multiset $S$ may be chosen as the decision vector. It turns out that, for arbitrary $d$, currently there is no known algorithm with polynomial complexity to compute a Tverberg point for a given multiset [2, 14, 15]. However, in some restricted cases, efficient algorithms are known (e.g., [11]).
3 Asynchronous Systems

We  develop  a  tight  necessary  and  sufficient  condition  for  approximate  asynchronous  BVC. 

3.1  Necessary  Condition  for  Approximate  Asynchronous  BVC 

Theorem 4 $n \ge (d+2)f+1$ is necessary for approximate BVC in an asynchronous system.

Proof: We first consider the case of $f = 1$. Suppose that a correct algorithm exists for $n = d+2$. Denote by $x_k$ the input vector at each process $p_k$. Now consider a process $p_i$, where $1 \le i \le d+1$. Since a correct algorithm must tolerate one failure, process $p_i$ must terminate in all executions in which process $p_{d+2}$ does not take any steps. Suppose that all the processes are non-faulty, but process $p_{d+2}$ does not take any steps until all the other processes terminate. At the time when process $p_i$ terminates ($1 \le i \le d+1$), it cannot distinguish between the following $d+1$ scenarios:

• Process $p_{d+2}$ has crashed: In this case, to satisfy the validity condition, the decision of process $p_i$ must be in the convex hull of the inputs of processes $p_1, p_2, \dots, p_{d+1}$. That is, the decision vector must be in the convex hull of $X^i_{d+2}$ defined below.

$$X^i_{d+2} = \{x_k : 1 \le k \le d+1\} \tag{4}$$

$x_{d+2}$ is not included above, because until process $p_i$ terminates, $p_{d+2}$ does not take any steps (so $p_i$ cannot learn any information about $x_{d+2}$).

• Process $p_j$ ($j \ne i$, $1 \le j \le d+1$) is faulty, and process $p_{d+2}$ is slow, and hence $p_{d+2}$ has not taken any steps yet: Recall that we are considering $p_i$ at the time when it terminates. Since process $p_{d+2}$ has not taken any steps yet, process $p_i$ cannot have any information about the input at $p_{d+2}$. Also, in this scenario $p_j$ may be faulty; therefore, process $p_i$ cannot trust the correctness of the input at $p_j$. Thus, to satisfy the validity condition, the decision of process $p_i$ must be in the convex hull of $X^i_j$ defined below.

$$X^i_j = \{x_k : k \ne j \text{ and } 1 \le k \le d+1\} \tag{5}$$

The decision vector of process $p_i$ must be valid independent of which of the above $d+1$ scenarios actually occurred. Therefore, observing that $\mathcal{H}(X^i_{d+2}) \supseteq \mathcal{H}(X^i_j)$, where $j \ne i$, we conclude that the decision vector must be in

$$\bigcap_{j \ne i,\ 1 \le j \le d+1} \mathcal{H}(X^i_j) \tag{6}$$

Recall that $\varepsilon > 0$ is the parameter of the $\varepsilon$-agreement condition in Section 1. For $1 \le i \le d$, suppose that the $i$-th element of input vector $x_i$ is $4\varepsilon$, and the remaining $d-1$ elements are 0. Also suppose that $x_{d+1}$ and $x_{d+2}$ are both equal to the all-0 vector.

Let us consider process $p_{d+1}$. In this case, $\mathcal{H}(X^{d+1}_j)$ for $j \le d$ only contains vectors whose $j$-th element is 0. Thus, the intersection of all the convex hulls in (6) only contains the all-0 vector, which, in fact, equals $x_{d+1}$. Thus, the decision vector of process $p_{d+1}$ must be equal to $x_{d+1}$. We can similarly show that for each $p_i$, $1 \le i \le d+1$, the intersection in (6) only contains vector $x_i$, and therefore, the decision vector of process $p_i$ must be equal to its input $x_i$. The input vectors at each pair of processes in $p_1, \dots, p_{d+1}$ differ by $4\varepsilon$ in at least one element. This implies that the $\varepsilon$-agreement condition is not satisfied. Therefore, $n = d+2$ is not sufficient for $f = 1$. It should be easy to see that $n < d+2$ is also not sufficient.

For the case when $f > 1$, by using a simulation similar to the proof of Theorem 1, we can now show that $n \le (d+2)f$ is not sufficient. Thus, $n \ge (d+2)f+1$ is necessary for $f > 1$. (For $f = 0$, the necessary condition holds trivially.) □

3.2  Sufficient  Condition  for  Approximate  Asynchronous  BVC 

We will prove that $n \ge (d+2)f+1$ is sufficient by proving the correctness of an algorithm presented in this section. The proposed algorithm executes in asynchronous rounds. Each process $p_i$ maintains a local state $v_i$, which is a $d$-dimensional vector. We will refer to the value of $v_i$ at the end of the $t$-th round performed by process $p_i$ as $v_i[t]$. Thus, $v_i[t-1]$ is the value of $v_i$ at the start of the $t$-th round of process $p_i$. The initial value of $v_i$, namely $v_i[0]$, is equal to $p_i$'s input vector, denoted as $x_i$. The messages sent by each process anytime during its $t$-th round are tagged by the round number $t$. This allows a process $p_i$ in its round $t$ to determine, despite the asynchrony, whether a message received from another process $p_j$ was sent by $p_j$ in $p_j$'s round $t$.

The proposed algorithm is obtained by suitably modifying a scalar consensus algorithm presented by Abraham, Amit and Dolev [1] to achieve asynchronous approximate Byzantine scalar consensus among $3f+1$ processes. We will refer to the algorithm in [1] as the AAD algorithm. We first present a brief overview of the AAD algorithm, and describe its properties. We adopt our notation above when describing the AAD algorithm (the notation differs from [1]). One key difference is that, in our proposed algorithm $v_i[t]$ is a vector, whereas in the AAD description below, it is considered a scalar. The AAD algorithm may be viewed as consisting of three components:

1. AAD component #1: In each round $t$, the AAD algorithm requires each process to communicate its state $v_i[t-1]$ to other processes using a mechanism that achieves the properties described next. AAD ensures that each non-faulty process $p_i$ in its round $t$ obtains a set $B_i[t]$ containing at least $n-f$ tuples of the form $(p_j, w_j, t)$, such that the following properties hold:

• (Property 1) For any two non-faulty processes $p_i$ and $p_j$,

$$|B_i[t] \cap B_j[t]| \ge n - f \tag{7}$$

That is, $p_i$ and $p_j$ learn at least $n-f$ identical tuples.

• (Property 2) If $(p_l, w_l, t)$ and $(p_k, w_k, t)$ are both in $B_i[t]$, then $p_l \ne p_k$. That is, $B_i[t]$ contains at most one tuple for each process.

• (Property 3) If $p_k$ is non-faulty, and $(p_k, w_k, t) \in B_i[t]$, then $w_k = v_k[t-1]$. That is, for any non-faulty process $p_k$, $B_i[t]$ may only contain the tuple $(p_k, v_k[t-1], t)$. (However, it is possible that, corresponding to some non-faulty process, $B_i[t]$ does not contain a tuple at all.)

2. AAD component #2: Process $p_i$, having obtained set $B_i[t]$ above, computes its new state $v_i[t]$ as a function of the tuples in $B_i[t]$. The primary difference between our proposed algorithm and AAD is in this step. The computation of $v_i[t]$ in AAD is designed to be correct for scalar inputs (and scalar decision), whereas our approach applies to $d$-dimensional vectors.

3. AAD component #3: AAD also includes a sub-algorithm that allows the non-faulty processes to determine when to terminate their computation. Initially, the processes cooperate to estimate a quantity $\delta$ as a function of the input values at various processes. Different non-faulty processes may estimate different values for $\delta$, since the estimate is affected by the behavior of faulty processes and message delays. Each process then uses $1 + \lceil \log_2$ as the threshold on the minimum number of rounds necessary for the non-faulty processes to converge within $\varepsilon$ of each other. The base of the logarithm above is 2, because the range of the values at the non-faulty processes is shown to shrink by a factor of 2 after each asynchronous round of AAD [1]. Subsequently, when the processes reach respective thresholds on the rounds, they exchange additional messages. After an adequate number of processes announce that they have reached their threshold, all the non-faulty processes may terminate.

It turns out that the Properties 1, 2 and 3 hold even if Component #1 of AAD is used with $v_i[t]$ as a vector. We exploit these properties in our algorithm below. The proposed algorithm below uses a function $\Phi$, which takes a set, say set $B$, containing tuples of the form $(p_k, w_k, t)$, and returns a multiset containing the points (i.e., $w_k$). Formally,

$$\Phi(B) = \{w_k : (p_k, w_k, t) \in B\} \tag{8}$$

A mechanism similar to that in AAD may potentially be used to achieve termination for the approximate BVC algorithm below as well. The main difference from AAD would be in the manner in which the threshold on the number of rounds necessary is computed. However, for brevity, we simplify our algorithm by assuming that there exists an upper bound $U$ and a lower bound $\nu$ on the values of the $d$ elements in the input vectors at non-faulty processes, and that these bounds are known a priori. Thus, all the elements in each input vector will be $\le U$ and $\ge \nu$. This assumption holds in many practical systems, because the input vector elements represent quantities that are constrained. For instance, if the input vectors are probability vectors, then $U = 1$ and $\nu = 0$. If the input vectors represent locations in 3-dimensional space occupied by mobile robots, then $U$ and $\nu$ are determined by the boundary of the region in which the robots are allowed to operate. The advantage of the AAD-like solution over our simple approach is that, depending on the actual inputs, the algorithm may potentially terminate sooner, and the AAD mechanism prevents faulty processes from causing the non-faulty processes to run longer than necessary. However, the simple static approach for termination presently suffices to prove the correctness of our approximate BVC algorithm, as shown later.


Asynchronous Approximate BVC algorithm for $n \ge (d+2)f + 1$:


1. In the $t$-th round, each non-faulty process uses the mechanism in Component #1 of the AAD
algorithm to obtain a set $B_i[t]$ containing at least $n - f$ tuples, such that $B_i[t]$ satisfies
properties 1, 2, and 3 described earlier for AAD. While these properties were proved in [1]
for scalar states, the correctness of the properties also holds when $v_i$ is a vector.

2. In the $t$-th round, after obtaining set $B_i[t]$, process $p_i$ computes its new state $v_i[t]$ as follows.
Form a multiset $Z_i$ using the steps below:

• Initialize $Z_i$ as empty.

• For each $C \subseteq B_i[t]$ such that $|C| = n - f \ge (d+1)f + 1$, add to $Z_i$ one deterministically
chosen point from $\Gamma(\Phi(C))$. Since $|\Phi(C)| = |C| \ge (d+1)f + 1$, by Lemma 1, $\Gamma(\Phi(C))$
is non-empty.

Note that $|Z_i| = \binom{|B_i[t]|}{n-f} \le \binom{n}{n-f}$. Calculate

(9)

3. Each non-faulty process terminates after $1 + \lceil \log_{1/(1-\gamma)} \frac{U-\nu}{\epsilon} \rceil$ rounds, where $\gamma$ ($0 < \gamma < 1$) is
a constant defined later in (11). Recall that $\epsilon$ is the parameter of the $\epsilon$-agreement condition.


In Step 2 above, we consider $\binom{|B_i[t]|}{n-f}$ subsets $C$ of $B_i[t]$, each subset being of size $n - f$. As
elaborated in Appendix F, it is possible to reduce the number of subsets explored to just $n - f$.
This optimization will reduce the computational complexity of Step 2, but it is not necessary for
correctness of the algorithm.

Theorem 5 $n \ge (d+2)f + 1$ is sufficient for approximate BVC in an asynchronous system.

Proof: Without loss of generality, suppose that $m$ processes $p_1, p_2, \ldots, p_m$ are non-faulty, where
$m \ge n - f$, and the remaining $n - m$ processes are faulty. In the proof, we will often omit the
round index $[t]$ in $B_i[t]$, since the index should be clear from the context. In this proof, we consider
the steps taken by the non-faulty processes in their respective $t$-th rounds, where $t > 0$. We now
define a valid point. The definition is used later in the proof.

Definition 1 A point $r$ is said to be valid if there exists a representation of $r$ as a convex
combination of $v_k[t-1]$, $1 \le k \le m$. That is, there exist constants $\beta_k$, such that $0 \le \beta_k \le 1$ and
$\sum_{1 \le k \le m} \beta_k = 1$, and

$r = \sum_{1 \le k \le m} \beta_k v_k[t-1]$ (10)

$\beta_k$ is said to be the weight of $v_k[t-1]$ in the above convex combination.

In general, there may exist multiple such convex combination representations of a valid point $r$.
Observe that at least one of the weights in any such convex combination must be $\ge \frac{1}{m} \ge \gamma$.

For  the  convenience  of  the  readers,  we  break  up  the  rest  of  this  proof  into  three  parts. 


Part I: At a non-faulty process $p_i$, consider any $C \subseteq B_i$ such that $|C| = n - f$ (as in Step 2 of
the algorithm). Since $|\Phi(C)| = |C| = n - f \ge (d+1)f + 1$, by Lemma 1, $\Gamma(\Phi(C)) \ne \emptyset$. So $Z_i$ will
contain a point from $\Gamma(\Phi(C))$ for each $C$.

Now, $C \subseteq B_i$, $|\Phi(C)| = n - f$, and there are at most $f$ faulty processes. Then Property 3 of
$B_i$ implies that at least one $(n - 2f)$-size subset of $\Phi(C)$ must also be a subset of $\{v_1[t-1], v_2[t-1],
\ldots, v_m[t-1]\}$, i.e., contain only the state of non-faulty processes. Therefore, all the points
in $\Gamma(\Phi(C))$ must be valid (due to (1) and Definition 1). This observation is true for each set $C$
enumerated in Step 2. Therefore, all the points in $Z_i$ computed in Step 2 must be valid. (Recall
that we assume processes $p_1, \ldots, p_m$ are non-faulty.)

Part II: Consider any two non-faulty processes $p_i$ and $p_j$.


• Observation 1: As argued in Part I, all the points in $Z_i$ are valid. Therefore, all the points
in $Z_i$ can be expressed as convex combinations of the state of non-faulty processes, i.e.,
$\{v_1[t-1], \ldots, v_m[t-1]\}$. Similar observation holds for all the points in $Z_j$ too.

• Observation 2: By Property 1 of $B_i$ and $B_j$,²

$|B_i \cap B_j| \ge n - f$.

Therefore, there exists a set $C_{ij} \subseteq B_i \cap B_j$ such that $|C_{ij}| = n - f$. Therefore, $Z_i$ and $Z_j$ both
contain one identical point from $\Gamma(\Phi(C_{ij}))$. Suppose that this point is named $z_{ij}$. As shown in
Part I above, $z_{ij}$ must be valid. Therefore, there exists a convex combination representation
of $z_{ij}$ in terms of the states $\{v_1[t-1], v_2[t-1], \ldots, v_m[t-1]\}$ of non-faulty processes. Choose
any one such convex combination. There must exist a non-faulty process, say $p_{g(i,j)}$, such
that the weight associated with $v_{g(i,j)}[t-1]$ in the convex combination for $z_{ij}$ is $\ge \frac{1}{m} \ge \frac{1}{n}$.
We can now make the next observation.³


• Observation 3: Recall from (9) that $v_i[t]$ is computed as the average of the points in $Z_i$, and
$|Z_i| = \binom{|B_i[t]|}{n-f} \le \binom{n}{n-f}$. By Observation 1, all the points in $Z_i$ are valid, and by Observation
2, $z_{ij} \in Z_i$. These observations together imply that $v_i[t]$ is also valid, and there exists a
representation of $v_i[t]$ as a convex combination of $\{v_1[t-1], \ldots, v_m[t-1]\}$, wherein the
weight of $v_{g(i,j)}[t-1]$ is at least $\frac{1}{n\binom{n}{n-f}}$. Similarly, we can show that there exists a
representation of $v_j[t]$ as a convex combination of $\{v_1[t-1], \ldots, v_m[t-1]\}$, wherein the
weight of $v_{g(i,j)}[t-1]$ is $\ge \frac{1}{n\binom{n}{n-f}}$. Define

$\gamma = \frac{1}{n\binom{n}{n-f}}$ (11)

Consensus is trivial for $n = 1$, so we consider finite $n > 1$. Therefore, $0 < \gamma < 1$.


Part III: Observation 3 above implies that for any $\tau > 0$, $v_i[\tau]$ is a convex combination of
$\{v_1[\tau-1], \ldots, v_m[\tau-1]\}$. Applying this observation for $\tau = 1, 2, \ldots, t$, we can conclude that $v_i[t]$
is a convex combination of $\{v_1[0], \ldots, v_m[0]\}$, implying that the proposed algorithm satisfies the
validity condition for approximate consensus. (Recall that $v_k[0]$ equals process $p_k$'s input vector.)

Let $v_{il}[t]$ denote the $l$-th element of the vector state $v_i[t]$ of process $p_i$. Define $\Omega_l[t] =
\max_{1 \le k \le m} v_{kl}[t]$, the maximum value of $l$-th element of the vector state of non-faulty processes.
Define $\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t]$, the minimum value of $l$-th element of the vector state of non-faulty
processes. Appendix E proves, using Observations 1 and 3 above, that

$\Omega_l[t] - \mu_l[t] \le (1-\gamma)(\Omega_l[t-1] - \mu_l[t-1])$, for $1 \le l \le d$ (12)

By repeated application of (12) we get

$\Omega_l[t] - \mu_l[t] \le (1-\gamma)^t (\Omega_l[0] - \mu_l[0])$ (13)

² As noted earlier, we omit the round index $[t]$ when discussing the sets $B_i[t]$ and $B_j[t]$ here.

³ Note that, to simplify the notation somewhat, the notation $g(i,j)$ does not make the round index $t$ explicit.
However, it should be noted that $g(i,j)$ for processes $p_i$ and $p_j$ can be different in different rounds.
Therefore, for a given $\epsilon > 0$, if

$t > \log_{1/(1-\gamma)} \frac{\Omega_l[0] - \mu_l[0]}{\epsilon}$ (14)

then

$\Omega_l[t] - \mu_l[t] < \epsilon$. (15)

Since (14) and (15) hold for $1 \le l \le d$, and $U \ge \Omega_l[0]$ and $\nu \le \mu_l[0]$ for $1 \le l \le d$, if each non-faulty
process terminates after $1 + \lceil \log_{1/(1-\gamma)} \frac{U-\nu}{\epsilon} \rceil$ rounds, $\epsilon$-agreement is ensured. As shown previously,
validity condition is satisfied as well. Thus, the proposed algorithm is correct, and $n \ge (d+2)f + 1$
is sufficient for approximate consensus in asynchronous systems. □


4  Simpler  Approximate  BVC  Algorithms  with  Restricted  Round 
Structure 

The  proposed  approximate  BVC  algorithm  relies  on  Component  #1  of  AAD  for  exchange  of  state 
information  among  the  processes.  The  communication  pattern  of  AAD  requires  three  message 
delays  in  each  round  (i.e.,  a  causal  chain  of  three  messages  per  round),  to  ensure  strong  properties 
for  sets  Bi[t],  as  summarized  in  Section  3.2.  In  this  section,  we  consider  simpler  (restricted)  round 
structure  that  reduces  the  communication  delay,  and  the  number  of  messages,  per  round.  The 
price  of  the  reduction  in  message  cost/delay  is  an  increase  in  the  number  of  processes  necessary  to 
achieve  approximate  BVC,  as  seen  below. 

We consider a restricted round structure for achieving approximate consensus in synchronous
and asynchronous settings both. In both settings, each process $p_i$ maintains state $v_i[t]$, as in the
case of the algorithm in Section 3.2. $v_i[0]$ is initialized to the input vector at process $p_i$.

Synchronous approximate BVC: The restricted algorithm structure for a synchronous system is as
follows. The algorithm executes in synchronous rounds, and each process $p_i$ performs the following
steps in the $t$-th round, $t > 0$.

1. Transmit current vector state, $v_i[t-1]$, to all the processes. Receive vector state from all the
processes. If a message is not received from some process, then its vector state is assumed to
have some default value (e.g., the all-0 vector).

2. Compute new state $v_i[t]$ as a function of $v_i[t-1]$ and the vectors received from the other
processes in the above step.

Asynchronous approximate BVC: The restricted structure of the asynchronous rounds in the
asynchronous setting is similar to that in [5]. The messages in this case are tagged by the round index,
as in Section 3.2. Each process $p_i$ performs the following steps in its $t$-th round, $t > 0$:

1. Transmit current state $v_i[t-1]$ to all the processes. These messages are tagged by round
index $t$.

Wait until a message tagged by round index $t$ is received from $(n - f - 1)$ other processes.

2. Compute new state $v_i[t]$ as a function of $v_i[t-1]$, and the $(n - f - 1)$ other vectors collected
in the previous step (for a total of $n - f$ vectors).

For  algorithms  with  the  above  round  structures,  the  following  results  can  be  proved;  the  proofs  are 
similar  to  those  in  Section  3. 

Theorem  6  For  the  restricted  synchronous  and  asynchronous  round  structures  presented  above  in 
Section  4,  following  conditions  are  necessary  and  sufficient: 

• Synchronous case: $n \ge (d+2)f + 1$

• Asynchronous case: $n \ge (d+4)f + 1$

To avoid repeating the ideas used in Section 3, we do not present complete formal proofs here. We
can prove sufficiency constructively. The restricted round structures above already specify the Step
1 of each round. We can use Step 2 analogous to that of the algorithm in Section 3.2, with $B_i[t]$
being redefined as the set of vectors received by process $p_i$ in Step 1 of the restricted structure.

• In the synchronous setting, $n \ge (d+2)f + 1$ is necessary. With $n \ge (d+2)f + 1$, observe that
any two non-faulty processes $p_i$ and $p_j$ will receive identical vectors from $n - f \ge (d+1)f + 1$
non-faulty processes. Thus, $B_i[t] \cap B_j[t]$ contains at least $(d+1)f + 1$ identical vectors.

• In the asynchronous setting, $n \ge (d+4)f + 1$ is necessary. With $n \ge (d+4)f + 1$, each
non-faulty process will have, in Step 2, vectors from at least $n - f$ processes (including
itself). Thus, any two fault-free processes will have, in Step 2, vectors from at least $n - 2f$
identical processes, of which at most $f$ may be faulty. Thus, $B_i[t] \cap B_j[t]$ contains at least
$n - 3f$ identical vectors (corresponding to the state of $n - 3f$ non-faulty processes). Note
that $n - 3f \ge (d+1)f + 1$.

The proof of correctness of the algorithm in Section 3.2 relies crucially on the property that

$|B_i[t] \cap B_j[t]| \ge (d+1)f + 1$.

As discussed above, when the number of nodes satisfies the constraints in Theorem 6, this property
holds for the restricted round structures too. The rest of the proof of correctness of the restricted
algorithms is then similar to the proof of Theorem 4. Thus, the above synchronous and asynchronous
algorithms can achieve approximate BVC.
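The following simulation is an added example, not code from the paper: it runs the restricted synchronous round structure with the Step 2 update of Section 3.2 for scalar inputs ($d = 1$), where $\Gamma(Y)$ reduces to the interval between the $(f+1)$-th smallest and $(f+1)$-th largest value, and contrasts it with plain averaging. The reading of $\Gamma$ as an intersection of convex hulls (equation (1) is not restated in this section), the equivocating adversary, the sample inputs and all function names are assumptions of this example.

```python
import math
from itertools import combinations

def gamma_interval(points, f):
    """Gamma(Y) for d = 1: intersection of the convex hulls of all
    sub-multisets of Y with f points removed, i.e. [y_(f+1), y_(|Y|-f)].
    ASSUMPTION: matches the paper's (1), which this section does not restate."""
    s = sorted(points)
    lo, hi = s[f], s[len(s) - f - 1]
    if lo > hi:
        raise ValueError("Gamma(Y) is empty; need |Y| >= (d+1)f + 1")
    return lo, hi

def step2(received, n, f):
    """Step 2: one deterministically chosen point of Gamma(Phi(C)) for every
    (n-f)-subset C of B_i, then the average of those points."""
    z = []
    for c in combinations(received, n - f):
        lo, hi = gamma_interval(c, f)
        z.append((lo + hi) / 2.0)   # deterministic choice: interval midpoint
    return sum(z) / len(z)

def rounds_needed(n, f, upper, lower, eps):
    """Static bound 1 + ceil(log_{1/(1-gamma)}((U - nu)/eps)),
    with gamma = 1 / (n * C(n, n-f)) as in (11)."""
    g = 1.0 / (n * math.comb(n, n - f))
    t = math.log((upper - lower) / eps) / math.log(1.0 / (1.0 - g))
    return 1 + max(0, math.ceil(t)), g

def equivocate(sender, receiver, t, big=1e6):
    """Constructed Byzantine behaviour: every faulty sender reports a huge
    value whose sign depends on the receiver, to pull honest states apart."""
    return big if (receiver + t) % 2 == 0 else -big

def simulate(inputs, faulty, f, upper, lower, eps, update=step2):
    """Restricted synchronous rounds (Section 4) for scalar inputs.
    Returns (final honest states, per-round spread Omega - mu, gamma)."""
    n = len(inputs)
    if n < 3 * f + 1:               # (d+2)f + 1 with d = 1
        raise ValueError("n >= (d+2)f + 1 is required")
    state = {i: x for i, x in enumerate(inputs) if i not in faulty}
    rounds, g = rounds_needed(n, f, upper, lower, eps)
    spread = [max(state.values()) - min(state.values())]
    for t in range(1, rounds + 1):
        nxt = {}
        for i in state:
            # Step 1: B_i[t] holds one value per process; faulty ones equivocate.
            received = [state[k] if k in state else equivocate(k, i, t)
                        for k in range(n)]
            nxt[i] = update(received, n, f)
        state = nxt
        spread.append(max(state.values()) - min(state.values()))
    return state, spread, g

# Constructed run: n = 7, f = 2, d = 1; processes 5 and 6 are Byzantine.
INPUTS = [0.0, 2.5, 5.0, 7.5, 10.0, None, None]
FAULTY = {5, 6}

def demo():
    return simulate(INPUTS, FAULTY, f=2, upper=10.0, lower=0.0, eps=0.01)

def naive_demo():
    mean = lambda received, n, f: sum(received) / len(received)
    return simulate(INPUTS, FAULTY, 2, 10.0, 0.0, 0.01, update=mean)

if __name__ == "__main__":
    final, spread, g = demo()
    print("gamma =", g, "rounds =", len(spread) - 1)
    print("BVC final spread:", spread[-1], "states:", sorted(final.values()))
    print("plain-mean final spread:", naive_demo()[1][-1])
```

With the Step 2 update the honest states stay inside the range of the honest inputs and their spread contracts every round, whereas the plain mean lets the two faulty processes hold the honest states far apart and outside that range.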


5  Summary 

This  paper  addresses  Byzantine  vector  consensus  (BVC)  wherein  the  input  at  each  process,  and 
its  decision,  is  a  d-dimensional  vector.  We  derive  tight  necessary  and  sufficient  bounds  on  the 
number  of  processes  required  for  Exact  BVC  in  synchronous  systems,  and  Approximate  BVC  in 
asynchronous  systems. 

In  Section  4,  we  derive  bounds  on  the  number  of  processes  required  for  algorithms  with  restricted 
round  structures  to  achieve  approximate  consensus  in  synchronous  as  well  as  asynchronous  systems. 
Appendix
A  Notations 


This  appendix  summarizes  some  of  the  notations  and  terminology  introduced  in  the  paper. 


$n$ = number of processes.

$\mathcal{P} = \{p_1, p_2, \ldots, p_n\}$ is the set of processes in the system.

$f$ = maximum number of Byzantine faulty processes.

$d$ = dimension of the input vector as well as decision vector at each process.

$x_i$ = $d$-dimensional input vector at process $p_i$. The vector is equivalently viewed as a point
in the Euclidean space $\mathbb{R}^d$.

$\mathcal{H}(Y)$ denotes the convex hull of the points in multiset $Y$.

$m$ : The proof of Theorem 5 assumes, without loss of generality, that for some $m \ge n - f$,
processes $p_1, \ldots, p_m$ are non-faulty, and the remaining $n - m$ processes are faulty.

$\Gamma(.)$ is defined in (1).

$\Phi(.)$ is defined in (8).

$v_i[t]$ is the state of process $p_i$ at the end of its $t$-th round of the asynchronous BVC algorithm,
$t > 0$. Thus, $v_i[t-1]$ is the state of process $p_i$ at the start of its $t$-th round, $t > 0$. $v_i[0]$ for
process $p_i$ equals its input $x_i$.

$v_{il}[t]$ is the $l$-th element of $v_i[t]$, where $1 \le l \le d$.

$B_i[t]$, defined in Section 3.2, is a set of tuples of the form $(p_j, w_j, t)$, obtained by process $p_i$ in
Step 1 of the approximate consensus algorithm.

Weight in a convex combination is defined in Definition 1.

$\gamma = \frac{1}{n\binom{n}{n-f}}$, as defined in (11). Note that $0 < \gamma < 1$ for finite $n > 1$.

$\Omega_l[t] = \max_{1 \le k \le m} v_{kl}[t]$

$\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t]$

$\rho_l[t] = \Omega_l[t] - \mu_l[t]$

$|Y|$ denotes the size of a multiset $Y$.

$\|a\|$ is the absolute value of a real number $a$.
B Multisets and Multiset Partition


Multiset is a generalization of the notion of a set. While the members in a set must be distinct, a
multiset may contain the same member multiple times.

Notions of a subset of a multiset and a partition of a multiset have natural definitions. For
completeness, we present the definitions here.

Suppose that $Y$ is a multiset. $Y$ contains $|Y|$ members. Denote the members in $Y$ as $y_i$,
$1 \le i \le |Y|$. Thus, $Y = \{y_1, y_2, \ldots, y_{|Y|}\}$. Define set $N_Y = \{1, 2, \ldots, |Y|\}$. Thus, $N_Y$ contains
integers from 1 to $|Y|$. Since $Y$ is a multiset, it is possible that $y_i = y_j$ for some $i \ne j$.

$Z$ is a subset of $Y$ provided that there exists a set $N_Z \subseteq N_Y$ such that

$Z = \{y_i : i \in N_Z\}$


Subsets $Y_1, Y_2, \ldots, Y_b$ of multiset $Y$ form a partition of $Y$ provided that there exists a partition
$N_1, N_2, \ldots, N_b$ of set $N_Y$ such that

$Y_j = \{y_i : i \in N_j\}$, $1 \le j \le b$

C  Clarification  for  the  Proof  of  Theorem  1 

In the proof of Theorem 1, when considering the case of $f = 1$, we claimed the following:

Since none of the non-faulty processes know which process, if any, is faulty, as elaborated in
Appendix C, the decision vector must be in the convex hull of each multiset containing the
input vectors of $n - 1$ of the processes (there are $n$ such multisets). Thus, this intersection
must be non-empty, for all possible input vectors at the $n$ processes.

Now we provide an explanation for the above claim.

Suppose that the input at process $p_i$ is $x_i$, $1 \le i \le n$. All the processes are non-faulty, but
the processes do not know this fact. The decision vector chosen by the processes must satisfy the
agreement and validity conditions both.

• With $f = 1$, any one process may potentially be faulty. In particular, process $p_i$ ($1 \le i \le n$)
may possibly be faulty. Therefore, the input $x_i$ of process $p_i$ cannot be trusted by other
processes. Then to ensure validity, the decision vector chosen by any other process $p_j$ ($j \ne i$)
must be in the convex hull of the inputs at the processes in $\mathcal{P} - \{p_i\}$ (i.e., all processes except
$p_i$). Thus, the decision vector of process $p_j$ ($j \ne i$) must be in the convex hull of the points
in multiset $X^i$ below.

$X^i = \{x_k : k \ne i, 1 \le k \le n\}$.

• To ensure agreement, the decision vector chosen by all the processes must be identical.
Therefore, the decision vector must be in the intersection of the convex hulls of all the multisets
$X^i$ ($1 \le i \le n$) defined above. Thus, we conclude that the decision vector must be in the
intersection below, where $\mathcal{H}(X^i)$ denotes the convex hull of the points in multiset $X^i$, and $Q_i$
denotes $\mathcal{H}(X^i)$.

$\bigcap_{i=1}^{n} \mathcal{H}(X^i) = \bigcap_{i=1}^{n} Q_i$ (16)
Figure 1: Illustration of a Tverberg partition.

Acknowledgment:  The  above  example  is  inspired  by  an  illustration  authored  by  David  Eppstein, 
which  is  available  in  the  public  domain  from  Wikipedia  Commons. 


If  the  intersection  in  (16)  is  empty,  then  there  is  no  decision  vector  that  satisfies  validity  and 
agreement  conditions  both.  Therefore,  the  intersection  must  be  non-empty. 

As  shown  in  the  proof  of  Theorem  1,  if  n  is  not  large  enough,  then  the  intersection  in  (16)  may 
be  empty. 

D  Tverberg  Partition 

Figure  1  illustrates  a  Tverberg  partition  of  a  set  of  7  vertices  in  2-dimensions.  The  7  vertices  are 
at the corners of a heptagon. Thus, $n = 7$ here, and $d = 2$. Let $f = 2$. Then, $n = (d+1)f + 1$, and
Tverberg’s Theorem 2 implies the presence of a Tverberg partition consisting of $f + 1 = 3$ subsets.
Figure  1  shows  the  convex  hulls  of  the  three  subsets  in  the  Tverberg  partition:  one  convex  hull  is  a 
triangle,  and  the  other  two  convex  hulls  are  each  a  line  segment.  In  this  example,  the  three  convex 
hulls  intersect  in  exactly  one  point.  Thus,  there  is  just  one  Tverberg  point.  In  general,  there  can 
be  multiple  Tverberg  points. 


E  Proof  of  (12) 


$v_{il}[t]$ denotes the $l$-th element of the vector state $v_i[t]$ of process $p_i$, $1 \le l \le d$. Processes $p_1, \ldots, p_m$
are non-faulty, and processes $p_{m+1}, \ldots, p_n$ are faulty, where $m \ge n - f$. Recall that, for $1 \le l \le d$,

$\Omega_l[t] = \max_{1 \le k \le m} v_{kl}[t]$, maximum value of $l$-th elements at non-faulty processes (17)

$\mu_l[t] = \min_{1 \le k \le m} v_{kl}[t]$, minimum value of $l$-th elements at non-faulty processes (18)

Define

$\rho_l[t] = \Omega_l[t] - \mu_l[t]$ (19)

(20)

Equivalently,

$\rho_l[t] = \max_{1 \le i,j \le m} \| v_{il}[t] - v_{jl}[t] \|$ (21)
where $\| . \|$ operator yields the absolute value of the scalar parameter.

Consider any two non-faulty processes $p_i, p_j$ (thus, $1 \le i, j \le m$). Consider $1 \le l \le d$. Then

$\mu_l[t-1] \le v_{il}[t-1] \le \Omega_l[t-1]$ (22)

$\mu_l[t-1] \le v_{jl}[t-1] \le \Omega_l[t-1]$ (23)

Observations 1 and 3 in Part III of the proof of Theorem 5, and the definition of $\gamma$, imply the
existence of constants $\alpha_k$'s and $\beta_k$'s such that:

$v_i[t] = \sum_{k=1}^{m} \alpha_k v_k[t-1]$ where (24)

$\alpha_k \ge 0$ for $1 \le k \le m$, and $\sum_{k=1}^{m} \alpha_k = 1$ (25)

$\alpha_{g(i,j)} \ge \gamma$ (26)

$v_j[t] = \sum_{k=1}^{m} \beta_k v_k[t-1]$ where (27)

$\beta_k \ge 0$ for $1 \le k \le m$, and $\sum_{k=1}^{m} \beta_k = 1$ (28)

$\beta_{g(i,j)} \ge \gamma$ (29)


In the following, let us abbreviate $g(i,j)$ simply as $g$. Thus, $\alpha_{g(i,j)}$ is same as $\alpha_g$, and $\beta_{g(i,j)}$ is
same as $\beta_g$. From (24) and (27), focussing on just the operations on $l$-th elements, we obtain

$v_{il}[t] = \sum_{k=1}^{m} \alpha_k v_{kl}[t-1]$

$\le \alpha_g v_{gl}[t-1] + (1 - \alpha_g)\, \Omega_l[t-1]$ because $v_{kl}[t-1] \le \Omega_l[t-1]$, $\forall k$

$\le \gamma v_{gl}[t-1] + (\alpha_g - \gamma)\, v_{gl}[t-1] + (1 - \alpha_g)\, \Omega_l[t-1]$

$\le \gamma v_{gl}[t-1] + (\alpha_g - \gamma)\, \Omega_l[t-1] + (1 - \alpha_g)\, \Omega_l[t-1]$
because $v_{gl}[t-1] \le \Omega_l[t-1]$ and $\alpha_g \ge \gamma$

$\le \gamma v_{gl}[t-1] + (1 - \gamma)\, \Omega_l[t-1]$ (30)


$v_{jl}[t] = \sum_{k=1}^{m} \beta_k v_{kl}[t-1]$

$\ge \beta_g v_{gl}[t-1] + (1 - \beta_g)\, \mu_l[t-1]$ because $v_{kl}[t-1] \ge \mu_l[t-1]$, $\forall k$

$\ge \gamma v_{gl}[t-1] + (\beta_g - \gamma)\, v_{gl}[t-1] + (1 - \beta_g)\, \mu_l[t-1]$

$\ge \gamma v_{gl}[t-1] + (\beta_g - \gamma)\, \mu_l[t-1] + (1 - \beta_g)\, \mu_l[t-1]$
because $v_{gl}[t-1] \ge \mu_l[t-1]$, and $\beta_g \ge \gamma$

$\ge \gamma v_{gl}[t-1] + (1 - \gamma)\, \mu_l[t-1]$ (31)

$\Rightarrow v_{il}[t] - v_{jl}[t] \le (1 - \gamma)(\Omega_l[t-1] - \mu_l[t-1])$ subtracting (31) from (30) (32)
By swapping the role of $p_i$ and $p_j$ above, we can also show that

$v_{jl}[t] - v_{il}[t] \le (1 - \gamma)(\Omega_l[t-1] - \mu_l[t-1])$ (33)

Putting (32) and (33) together, we obtain

$\| v_{il}[t] - v_{jl}[t] \| \le (1 - \gamma)(\Omega_l[t-1] - \mu_l[t-1])$ because $\Omega_l[t-1] \ge \mu_l[t-1]$

$\le (1 - \gamma)\, \rho_l[t-1]$ by the definition of $\rho_l[t-1]$ (34)

$\Rightarrow \max_{1 \le i,j \le m} \| v_{il}[t] - v_{jl}[t] \| \le (1 - \gamma)\, \rho_l[t-1]$ (35)
because the previous inequality holds for all $1 \le i, j \le m$

$\Rightarrow \rho_l[t] \le (1 - \gamma)\, \rho_l[t-1]$ by (21) (36)

$\Rightarrow \Omega_l[t] - \mu_l[t] \le (1 - \gamma)(\Omega_l[t-1] - \mu_l[t-1])$ by definition of $\rho_l[t]$


This  proves  (12). 


F  Optimization  of  Step  2  of  Asynchronous  BVC 

Property  1  of  Component  #1  of  AAD  described  in  Section  3.2  is  a  consequence  of  a  stronger 
property  satisfied  by  the  AAD  algorithm. 

In  AAD,  each  process  pk  sends  out  notifications  to  others  each  time  it  adds  a  new  tuple  to  its 
the notifications are sent over the FIFO links. AAD defines a process $p_k$ to be a “witness”
for process $p_i$ provided that (i) $p_k$ is known to have added at least $n - f$ tuples to $B_k[t]$, and (ii)
all the tuples that $p_k$ claims to have added to $B_k[t]$ are also in $B_i[t]$.

AAD also ensures that each non-faulty process has at least $n - f$ witnesses, ensuring that any
two non-faulty processes have at least $n - 2f$ witnesses in common, where $n - 2f \ge f + 1$. Thus, any
two non-faulty processes $p_i$ and $p_j$ have at least one non-faulty witness in common, say $p_k$. This,
in turn, ensures (due to the manner in which the advertisements above are sent) that $B_i[t] \cap B_j[t]$
contains at least the first $n - f$ tuples advertised by $p_k$.

Each process can keep track of the order in which the tuples advertised by each process are
received. Then, in Step 2 of the asynchronous approximate BVC algorithm, instead of enumerating
all the $(n - f)$-size subsets $C$ of $B_i[t]$, it suffices to only consider those subsets of $B_i[t]$ that correspond
to the first $n - f$ tuples advertised by each witness of $p_i$. Since there can be no more than $n$ witnesses,
at most $n$ sets $C$ need to be considered. Thus, in this case $|Z_i| \le n$.

Since each pair of non-faulty processes $p_i$ and $p_j$ shares a non-faulty witness, despite considering
only $\le n$ subsets in Step 2, $Z_i$ and $Z_j$ computed by $p_i$ and $p_j$ contain at least one identical point,
say, $z_{ij}$. Our proof of correctness of the algorithm relied on the existence of such a point.

It should now be easy to see that the rest of the proof of correctness will remain the same, with
$\gamma$ being re-defined as

1